Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #48559
| From | Alister <alister.ware@ntlworld.com> |
|---|---|
| Subject | Re: Updating a filename's counter value failed each time |
| Newsgroups | comp.lang.python |
| References | <kpne3k$1066$1@news.ntua.gr> <b290qpFm23aU1@mid.uni-berlin.de> <kpnj6o$av7$4@news.grnet.gr> <D5Jvt.58070$hJ.17171@fx19.am4> <kpno5h$std$2@news.grnet.gr> |
| Message-ID | <liKvt.47351$ja6.826@fx18.am4> (permalink) |
| Organization | virginmedia.com |
| Date | 2013-06-17 20:26 +0000 |
On Mon, 17 Jun 2013 22:30:57 +0300, Νίκος wrote: > On 17/6/2013 10:05 μμ, Alister wrote: >> You are correct Nicos, passing the values as a parameter list does >> protect you from SQL injection JT has made an error. > > Even if the query is somehting like: > > http://superhost.gr/cgi-bin/files.py?filename="Select....." > > From what exactly the comma protects me for? > > What id=f the user passes data to filename variable throgh url? Will > comma understand that? > How can it tell form a normal filename opposes to a select statemnt > acting as a filename value? this is because the execute method is written to escape the contents of the parameter list. if you want more information you really do need to read either the documentation or a good tutorial which would explain things far better than I can otherwise prove it to yourself by creating a dummy database & trying it Make sure you are NOT using your production database so you do not risk any real data -- Being a BALD HERO is almost as FESTIVE as a TATTOOED KNOCKWURST.
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Updating a filename's counter value failed each time Simpleton <support@superhost.gr> - 2013-06-17 19:39 +0300
Re: Updating a filename's counter value failed each time MRAB <python@mrabarnett.plus.com> - 2013-06-17 18:40 +0100
Re: Updating a filename's counter value failed each time Νίκος <support@superhost.gr> - 2013-06-17 20:51 +0300
Re: Updating a filename's counter value failed each time John Gordon <gordon@panix.com> - 2013-06-17 17:40 +0000
Re: Updating a filename's counter value failed each time jt@toerring.de (Jens Thoms Toerring) - 2013-06-17 17:54 +0000
Re: Updating a filename's counter value failed each time Νίκος <support@superhost.gr> - 2013-06-17 21:06 +0300
Re: Updating a filename's counter value failed each time jt@toerring.de (Jens Thoms Toerring) - 2013-06-17 18:32 +0000
Re: Updating a filename's counter value failed each time MRAB <python@mrabarnett.plus.com> - 2013-06-17 19:47 +0100
Re: Updating a filename's counter value failed each time jt@toerring.de (Jens Thoms Toerring) - 2013-06-17 19:16 +0000
Re: Updating a filename's counter value failed each time Alister <alister.ware@ntlworld.com> - 2013-06-17 20:33 +0000
Re: Updating a filename's counter value failed each time Alister <alister.ware@ntlworld.com> - 2013-06-17 19:05 +0000
Re: Updating a filename's counter value failed each time Νίκος <support@superhost.gr> - 2013-06-17 22:30 +0300
Re: Updating a filename's counter value failed each time Alister <alister.ware@ntlworld.com> - 2013-06-17 20:26 +0000
Re: Updating a filename's counter value failed each time Alister <alister.ware@ntlworld.com> - 2013-06-17 20:43 +0000
Re: Updating a filename's counter value failed each time Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-06-17 19:30 -0400
Re: Updating a filename's counter value failed each time Νίκος <support@superhost.gr> - 2013-06-18 03:25 +0300
Re: Updating a filename's counter value failed each time John Gordon <gordon@panix.com> - 2013-06-17 19:19 +0000
Re: Updating a filename's counter value failed each time Νίκος <support@superhost.gr> - 2013-06-17 22:28 +0300
Re: Updating a filename's counter value failed each time Alister <alister.ware@ntlworld.com> - 2013-06-17 20:39 +0000
Re: Updating a filename's counter value failed each time John Gordon <gordon@panix.com> - 2013-06-17 20:44 +0000
Re: Updating a filename's counter value failed each time Alister <alister.ware@ntlworld.com> - 2013-06-17 20:49 +0000
Re: Updating a filename's counter value failed each time MRAB <python@mrabarnett.plus.com> - 2013-06-17 23:22 +0100
Re: Updating a filename's counter value failed each time Νίκος <support@superhost.gr> - 2013-06-18 02:11 +0300
Re: Updating a filename's counter value failed each time Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-06-17 21:42 -0400
Re: Updating a filename's counter value failed each time Νίκος <support@superhost.gr> - 2013-06-18 08:49 +0300
Re: Updating a filename's counter value failed each time Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-06-18 19:56 -0400
Re: Updating a filename's counter value failed each time Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-06-17 22:01 -0400
Re: Updating a filename's counter value failed each time Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-06-17 23:18 +0000
Re: Updating a filename's counter value failed each time Νίκος <support@superhost.gr> - 2013-06-18 03:22 +0300
csiph-web